[813] in Intrusion Detection Systems
Re: Remote Logging
daemon@ATHENA.MIT.EDU (Allwyn F Crichlow)
Tue Dec 17 05:29:08 1996
From: Allwyn F Crichlow <allwync@internic.net>
To: ids@uow.edu.au
Date: Wed, 11 Dec 1996 07:36:42 -0500 (EST)
In-Reply-To: <Pine.SOL.3.91.961205114923.14352B-100000@psisa.com> from "Al Venz" at Dec 5, 96 11:54:13 am
Reply-To: ids@uow.edu.au
Writing to the "@hostname" sends it to the syslogd of the host specified
I haven't tried but can you have send to "@hostname" and have it copy to
a file via /etc/syslogd.conf?
allwync
%
% Hi Micheal,
%
% As a bit of help, Solaris's syslogd can very easily log information
% locally as well as send it to remote machines. The man pages are
% actually pretty good, believe it or not, but the general idea is that you
% specify type of message(es) just as normal, but instead of giving it a
% file name to append to or a username to "write" to, you give it a remote
% host, with the syntax of "@hostname" and it will send each message of the
% specified facility.level to that host. That host will then deal with the
% message according to it's own /etc/syslogd.conf file.
%
% Good luck!
% Al
%
% On Mon, 2 Dec 1996, Mike wrote:
%
% > I caught some of the conversation on audit trails and the likes, and wanted
% > to know if anyone knows any FAQ's, web pages, or books..etc, that explain a
% > bit on how one could have local log files, and also log the same info
% > remotely, making it a great deal harder for an intruder to erase his prescense
%
